<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 05/08/2011 07:39 PM, Adam Young wrote:
<blockquote cite="mid:4DC729A2.1010301@redhat.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
On 05/08/2011 06:20 AM, nasir nasir wrote:
<blockquote
cite="mid:895514.84135.qm@web161308.mail.bf1.yahoo.com"
type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font: inherit;" valign="top"><br>
Thanks indeed again for the reply. I went through the
deployment guide and installed and configured FreeIPA
2.0 on a RHEL 6.1 beta machine for testing. I also
configured the browsers on this server and a client
Kubuntu machine as per the guide. But I can't find any
doc which explain how to configure a client (kubuntu in
my case) for single sign on or even accessing a service
like nfs using the browser when native ipa-client
package is not available. All the docs are focused on
configuring client machines using ipa-client package. Is
this possible? if so could anyone suggest me some guide
lines or docs for the same ?</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
</blockquote>
<br>
Does the client have SSSD?<br>
If it does making ipa-client work is probably the best path.<br>
<br>
If the SSSD is not an option then you are in the realm of PAM_KRB5
for the SSO.<br>
Please see the FreeIPA 1.2.1 documentation. There is no exact
documentation ofr your case but the closest IMO would be the
instructions for the Solaris client.<br>
<a class="moz-txt-link-freetext" href="http://freeipa.org/docs/1.2/Client_Setup_Guide/en-US/html/chap-Client_Configuration_Guide-Configuring_Solaris_as_an_IPA_Client.html">http://freeipa.org/docs/1.2/Client_Setup_Guide/en-US/html/chap-Client_Configuration_Guide-Configuring_Solaris_as_an_IPA_Client.html</a><br>
<br>
Also see man pages for pam_krb5.<br>
Hope this helps.<br>
<br>
Thanks<br>
Dmitri<br>
<br>
<br>
<blockquote cite="mid:4DC729A2.1010301@redhat.com" type="cite"> Did
you try installing the ipa-client rpms with Alien?<br>
<br>
<blockquote
cite="mid:895514.84135.qm@web161308.mail.bf1.yahoo.com"
type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font: inherit;" valign="top">
<div><br>
</div>
<div>Thanks and Regards,</div>
<div>Nidal</div>
<div><br>
--- On <b>Mon, 5/2/11, Adam Young <i><a
moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:ayoung@redhat.com"><ayoung@redhat.com></a></i></b>
wrote:<br>
<blockquote style="border-left: 2px solid rgb(16, 16,
255); margin-left: 5px; padding-left: 5px;"><br>
From: Adam Young <a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:ayoung@redhat.com"><ayoung@redhat.com></a><br>
Subject: Re: [Freeipa-users] FreeIPA for Linux
desktop deployment<br>
To: "nasir nasir" <a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:kollathodi@yahoo.com"><kollathodi@yahoo.com></a><br>
Cc: <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
Date: Monday, May 2, 2011, 8:03 AM<br>
<br>
<div id="yiv902619029"> On 05/01/2011 08:49 AM,
nasir nasir wrote:
<blockquote type="cite">
<table border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<td style="font: inherit;" valign="top">
<div> Thanks for all the replies and
great suggestions! I do appreciate it
a lot.</div>
<div><br
class="yiv902619029Apple-interchange-newline">
Apologies for being a bit confusing
about the cetralized /home foder in my
previous mail. What I want is that all
the users should have their /home
folder stored in the storage. This
entire partition (or LUN) can be
attached to my Authentication
server(i.e FreeIPA) by using iSCSI.
From the Authentication server, I am
NOT looking for iSCSI to get it
mounted to the individual users'
machine. I think NFS/automount would
do that(appreciate any suggestion on
this !) And whenever a new user is
created, /home should be allocated out
of this partition so that whichever
machine the user is using to login
later, she should be able to access
the same /home specific to her
regardless of the machine. I hope it
is clear to all :-)</div>
<div><br>
</div>
<div>Thanks and regards,</div>
<div>Nidal</div>
<div><br>
</div>
<blockquote style="border-left: 2px
solid rgb(16, 16, 255); margin-left:
5px; padding-left: 5px;">
<div class="yiv902619029plainMail">>
-- Centralized storage with iSCSI
for /home folder for each user by
means of a dedicated storage<br>
IPA manages Automount, which is
possibly what you want. Are you
going to give each user their own
partition that follows them around,
or are you going to give the a home
directory on a a NAS server? I Have
to admit, the iSCSI home mount
sounds interesting. You could
probably get automount to help you
out there, but at this point I think
that you would need a separate key
line for each user.<br>
<br>
Note that iSCSI won't help you if
you want to mount the same partition
on multiple clients. For this, you
either need a distributed File
System, or stick to NFS.<br>
</div>
<div class="yiv902619029plainMail"><br>
</div>
</blockquote>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
<br>
Nidal,<br>
<br>
OK, I'd probably do something like this: After
install IPA, add one host as an IPA client with
the following switch: --mkhomedir,, something
like ipa-client-install --mkhomedir -p admin.
Then, mount the directory that you are going to
use a /home on that machine. Once you create
users in IPA, the first time you log in as that
user, do so from that client, and it will attempt
to create the home directory for you. This
should be the only machine that has permissions to
create directories under /home. Now, create an
automount location and map, and create a key for
/home<br>
<br>
The instructions from our test day should get you
started:<br>
<br>
<a moz-do-not-send="true" rel="nofollow"
class="yiv902619029moz-txt-link-freetext"
target="_blank"
href="https://fedoraproject.org/wiki/QA:Testcase_freeipav2_automount">https://fedoraproject.org/wiki/QA:Testcase_freeipav2_automount</a><br>
<br>
<br>
</div>
</blockquote>
</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
</body>
</html>